The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 20 September 2006.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 84-122 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 84-122 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION



1. Claims 84-112 are pending.

2. The RCE of 9/20/06 has been received and entered.



Claim Rejections - 35 USC § 101 



3. 35 U.S.C. 101 reads as follows:



Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 



The disclosed invention is inoperative and therefore lacks utility. Claims 84-122 fail to create a 
security policy. For example, independent claim 84 generates and outputs a "security policy 
draft." The steps however do not appear to create a security policy in itself. 

The claimed invention is directed to non-statutory subject matter. 
After carefully considering the Applicant's claims and specification, it is the Examiner's 
understanding that the generation of the security policy comes about through the querying of 
people and individuals within an organization. For example, claim 85 recites: 

"The method of generating a security policy according to claim 84, wherein transmitting the
generated inquiries further comprises transmitting the generated inquiries to members of an
organization for review and receiving input further comprises receiving input from the
members of the organization."
From the specification, it appears that the basic methodology by which the security policy is
generated comes about by asking questions of members within an organization, whose inputs then
yield facts about the "realities" of the organization. After this period of questioning,
contradictions between the users are resolved into a document known as a security policy.

However, within this understanding, the Examiner notes that the method for generating this 
security draft is fundamentally intangible. Though the transmission and receiving of input from 
the user may imply a sense of digital transactional tangibility, the subject matter being 
transmitted is derived from the intangible inputs of users' responses to questions. The basis of
the generation of the security policy depends upon the answers given by the users to the 
inquiries; thus the method recited in claim 84 is dependent upon human factors and the 
communication skills of the human members involved in the dialogue. 

As an example, the physicist Richard Feynman has an algorithm for solving difficult problems 
attributed to his name: 

The Feynman Problem-Solving Algorithm: 

(1) write down the problem; 

(2) think very hard; 

(3) write down the answer. 
Although this algorithm may work to a certain extent, or even allow a large degree of
repeatability, the success of the algorithm is dependent upon the skill of the individual applying the
algorithm.

By the same context, the Applicant's method for generating a security policy is understood by
the Examiner to be based upon sending inquiries to users, receiving their input, and reviewing
this input to tailor the security rules into a "security policy draft."

The digital transformation of the user responses and their transmission does not increase the 
tangibility of the methods recited by the claims. The digital data being manipulated remains 
fundamentally derived from the individual responses to the inquiries and the individuals' candor, 
emotions, objectivity regarding the questions, and intelligence. For this reason, the Examiner 
holds that the transformation of this data into a digital format ready for digital transmission 
insofar as this transformation is used to generate a security policy does not render the claim 
tangible for the purposes of patentability. In order to satisfy the criteria for 35 USC 101 for 
statutory subject matter the claims must be concrete, useful, and tangible. 

Claims 99-113 are substantially similar to claims 84-98 and are rejected for the same reasons
respectively.

Claims 114-122 are substantially similar to claims 84-92 and are rejected for the same reasons
respectively.
Claim Rejections - 35 USC § 102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

5. Claims 84, 85, 99, 100, 114, 115 are rejected as being anticipated under 35 USC 102(e)
by "Information Security Policies and Procedures, A Practitioner's Reference", Thomas Peltier.

In reference to claim 84: 

"Information Security Policies and Procedures, A Practitioner's Reference", Thomas Peltier 
discloses a method of generating a security policy for a predetermined organization, comprising: 

• Receiving a field of business identifier, where the field of business identifier is the 
financial reports, audit findings etc. (page 43, "Reference works" et seq.) 

• Receiving an indicator of rigorousness, where the indicator of rigorousness is for the 
determination of the security to be used for the policy, (page 74, "Classification 
requirements" et seq.) 

• Retrieving security rules from a stored knowledge based on the indicator of rigorousness; 
(section 6.1 et seq. "Guidelines" page 49-51) 
• Generating inquiries regarding the retrieved security rules based upon the field of
business identifier and the indicator of rigorousness, where the inquiries are the interview
(sections 7, 8, 10 "What to look for in a Good writer/editor", "Development
Responsibilities", "key factors in establishing the development cost" page 38-42)

• Transmitting the generated inquiries to at least one user, where the interviewees tell the
writer the answers to the inquiries (sections 7, 8, 10 "What to look for in a Good
writer/editor", "Development Responsibilities", "key factors in establishing the
development cost" page 38-42)

• Receiving input from the at least one user in response to the transmitted inquiries, where
the writer receives the responses and records them (sections 7, 8, 10 "What to look for in
a Good writer/editor", "Development Responsibilities", "key factors in establishing the
development cost" page 38-42)

• Tailoring the retrieved security rules based upon the received input to generate a security
policy draft, where the security rules and the input of the users are tailored to create the draft
(section 5, "core and support teams", page 38)

• Outputting the generated security policy draft that includes the tailored security rules,
where the policy draft is generated from the tailored responses and rules (section 5,
"core and support teams", page 38)



In reference to claim 85: 
"Information Security Policies and Procedures, A Practitioner's Reference", Thomas Peltier
discloses the method of generating a security policy according to claim 84, wherein transmitting 
the generated inquiries further comprises transmitting the generated inquiries to members of an 
organization for review and receiving input further comprises receiving input from the members 
of the organization. (Section 6, "Focus Group" page 38) 



Claims 99, 100 are substantially similar to claims 84, 85 and are rejected for the same reasons 
respectively. 

Claims 114, 115 are substantially similar to claims 84, 85 and are rejected for the same reasons
respectively.

6. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gilberto Barron can be reached on (571)272-3799. 

The Examiner may also be reached by email at Thomas.Ho6@uspto.gov.

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 
General Information/Receptionist Telephone: 571-272-2100 Fax: 571-273-8300
Customer Service Representative Telephone: 571-272-2100 Fax: 571-273-8300



TMH

December 9th, 2006

GILBERTO BARRON
SUPERVISORY PATENT EXAMINER
TECHNOLOGY CENTER 2100



